CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,363 vulnerabilities with CWE-352
CVE-2023-24458 HIGH
Jenkins BearyChat Plugin <3.0.2 - CSRF
CVSS 8.8
CVE-2023-24457 MEDIUM
Jenkins Keycloak Auth Plugin <2.3.0 - CSRF
CVSS 6.5
CVE-2023-24452 HIGH
Jenkins TestQuality Updater Plugin <1.3 - CSRF
CVSS 8.8
CVE-2023-24447 HIGH
Jenkins RabbitMQ Consumer Plugin <2.8 - CSRF
CVSS 8.8
CVE-2023-24446 HIGH
Jenkins OpenID Plugin < 2.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-24437 HIGH
Jenkins JIRA Pipeline Steps Plugin <2.0.165.v8846cf59f3db - CSRF
CVSS 8.8
CVE-2023-24434 HIGH
Jenkins GitHub Pull Request Builder Plugin <1.42.2 - CSRF
CVSS 8.8
CVE-2023-24432 HIGH
Jenkins Orka by MacStadium Plugin <1.31 - CSRF
CVSS 8.8
CVE-2023-24428 MEDIUM
Jenkins Bitbucket OAuth Plugin <0.12 - CSRF
CVSS 5.7
CVE-2023-24423 MEDIUM
Jenkins Gerrit Trigger Plugin <2.38.0 - CSRF
CVSS 6.5
CVE-2023-0438 MEDIUM
modoboa < 2.0.4 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-0406 MEDIUM
modoboa < 2.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-0403 MEDIUM
Social Warfare <= 4.3.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 5.4
CVE-2023-0398 MEDIUM
modoboa < 2.0.4 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-0385 MEDIUM
Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery via Admin Init Function
CVSS 4.3
CVE-2023-22286 HIGH
MAHO-PBX NetDevancer < 1.11.00 - Unauthenticated Cross-Site Request Forgery
CVSS 8.1
CVE-2023-22852 MEDIUM
Tiki < 25.0 - Cross-Site Request Forgery via tiki-importer.php and tiki-import_sheet.php
CVSS 6.5
CVE-2023-0294 HIGH
Mediamatic - Media Library Folders <2.8.1 - CSRF
CVSS 8.8
CVE-2023-22472 MEDIUM
Nextcloud Desktop - Cross-Site Request Forgery via Deep Link
CVSS 5.3
CVE-2023-0088 HIGH
Swifty Page Manager <= 3.0.1 - Cross-Site Request Forgery via AJAX Actions
CVSS 8.8
CVE-2023-0086 MEDIUM
JetWidgets for Elementor <1.0.12 - CSRF
CVSS 5.4
CVE-2023-22457 CRITICAL
CKEditor Integration UI <1.64.3 - CSRF
CVSS 9.0
CVE-2022-47150 MEDIUM
WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability
CVSS 4.3
CVE-2022-44630 MEDIUM
WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)
CVSS 4.6
CVE-2022-50955 MEDIUM
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery
CVSS 4.3